Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Eibiz i-Media Server Digital Signage 3.8.0 - Local File Inclusion

By kannthu

High
Vidoc logoVidoc Module
#lfi#eibiz#packetstorm#windows
Description

What is the "Eibiz i-Media Server Digital Signage 3.8.0 - Local File Inclusion?"

The "Eibiz i-Media Server Digital Signage 3.8.0 - Local File Inclusion" module is designed to detect a vulnerability in the Eibiz i-Media Server Digital Signage software version 3.8.0. This vulnerability allows an attacker to include local files from the server, potentially leading to unauthorized access and information disclosure. The severity of this vulnerability is classified as high.

Impact

If successfully exploited, the local file inclusion vulnerability in the Eibiz i-Media Server Digital Signage 3.8.0 can have serious consequences. An attacker can access sensitive files on the server, such as configuration files, user credentials, or other sensitive information. This can lead to further attacks, data breaches, or unauthorized access to the system.

How the module works?

The module works by sending a specific HTTP request to the target server. The request includes a path parameter that attempts to access a file outside of the intended directory structure. The module then analyzes the response body for specific keywords, such as "bit app support," "fonts," or "extensions." If these keywords are found, it indicates a successful local file inclusion vulnerability.

Example HTTP request:

GET /dlibrary/null?oldfile=../../../../../../windows/win.ini&library=null

The module uses matching conditions to determine if the vulnerability is present. In this case, it checks if the response body contains the specified keywords and uses the "and" condition to ensure all keywords are present. If the conditions are met, the module reports the vulnerability.

It is important to address and fix this vulnerability promptly to prevent potential unauthorized access and data leakage.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/dlibrary/null?oldfi...
Matching conditions
word: bit app support, fonts, extensions
Passive global matcher
No matching conditions.
On match action
Report vulnerability